#VU93449 Improper error handling in Linux kernel


Published: 2024-06-27

Vulnerability identifier: #VU93449

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36929

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1
http://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533
http://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62
http://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6
http://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec
http://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681
http://lists.debian.org/debian-lts-announce/2024/06/msg00019.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

